Posted By: TeamComply
Clearing Alerts/Red Flags - 12/10/19 03:11 PM
Where is the regulatory requirement to clear alerts/red flags (such as credit bureau alerts) located? Management is questioning whether this is required, so I'm looking for a regulatory reference. Thanks in advance.
Posted By: rlcarey
Re: Clearing Alerts/Red Flags - 12/10/19 03:17 PM
https://www.bankersonline.com/regulations/12-222-suppaClearing fraud and active duty alerts should be incorporated into your red flags program.
Posted By: TeamComply
Re: Clearing Alerts/Red Flags - 12/10/19 04:07 PM
Thank you. And what about alerts on credit bureaus such as “Do not confuse with consumers of similar ID, Verify all identifying info†, “Input current address has been reported misused and requires further investigation†or "inquiries alert" these too, would need to be cleared as part of the red flag requirements, correct? Or is this more of a bank decision - based on the bank's red flags program?
Posted By: rlcarey
Re: Clearing Alerts/Red Flags - 12/10/19 04:16 PM
The first question would be - why in the world would you not clear such alerts? I cannot think of a reason in this age of attempted loan fraud that you would just say - nah - we don't have to worry about these issues. And yes, your Red Flag program should specifically address all alerts.
Posted By: TeamComply
Re: Clearing Alerts/Red Flags - 12/10/19 04:36 PM
I completely agree, but I'm receiving push back from a member of mgmt. regarding this (he handles indirect lending)...apparently he doesn't think it is necessary to clear these (or it takes too much time/effort), who knows?!
Posted By: rlcarey
Re: Clearing Alerts/Red Flags - 12/10/19 04:44 PM
So they don't even have the customer sitting in front of them. Now that really reduces the risk of fraud - LOL
Posted By: Dan Persfull
Re: Clearing Alerts/Red Flags - 12/10/19 05:57 PM
You may want that person to review the following (hesitate to refer to that person as "management" if they are not familiar with the Red Flag/Identify Theft requirements as long as they have been around).
A Google search will bring up numerous other references/
https://www.ftc.gov/tips-advice/business-center/privacy-and-security/red-flags-rulehttps://www.fdic.gov/regulations/laws/rules/2000-5650.htmlAlso your Board of Directors is ultimately responsible for your Red Flags/Identity Theft Prevention policy. So if this "manager" is not following procedures it needs to be identified and included in your annual Identity Theft Program report to the board.
Posted By: John Burnett
Re: Clearing Alerts/Red Flags - 12/10/19 09:08 PM
What's the bank's compliance culture like? Is there "buy in" from the board? If this "manager" is pushing back against a regulatory requirement that involves not only compliance but also safety and soundness, I don't think you should wait to report this to the board. I'd write it up and get it in front of the board (or at least senior management) as quickly as possible.
Posted By: TeamComply
Re: Clearing Alerts/Red Flags - 12/10/19 09:40 PM
And these alerts should be cleared on all loan requests, whether originated or a turndown? The pushback is more on the turndown side, if we aren't going to do the deal or have an ongoing relationship with the individual, he doesn't feel clearing the alert is necessary.
Posted By: rlcarey
Re: Clearing Alerts/Red Flags - 12/10/19 09:51 PM
https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20090611a1.pdf2. If the user plans to deny the consumer’s application to open a new account on the basis of information in a consumer report, must a user that receives a notice of address discrepancy take steps to establish a reasonable belief that the consumer report it has obtained relates to the consumer?
Yes. If a user plans to deny the consumer’s application based on a consumer report, the user must take steps to ensure that the consumer report on which it is relying pertains to the consumer.
Posted By: TeamComply
Re: Clearing Alerts/Red Flags - 02/10/20 06:37 PM
Getting questions about this again...so the Q and A specifically addresses "address discrepancy" with regard to a loan application that will be denied, but "number of inquiries" or any other red flag could be substituted here (since the bank plans to deny the consumer's application based on information in the consumer report), therefore that user must takes steps to ensure that the consumer report on which it is relying pertains to the consumer...with regard to any alert (including "number of inquiries"), not just an "address discrepancy" is this correct? The pushback is on loan applications we will turndown, that contain an "number of inquiries" alert...and the need/requirement to "clear" these.